Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HApache Cassandra
APPApache4.0.02.1.0 – 2.1.22 (bez)3.11.0 – 3.11.8 (bez)3.0.0 – 3.0.22 (bez)2.2.0 – 2.2.18 (bez)Canonical Ubuntu
OSCanonical12.0414.0415.1016.04Debian
OSDebian8.0Netapp E Series Santricity Management Plug Ins
APPNetappwszystkie wersjeNetapp E Series Santricity Storage Manager
APPNetappwszystkie wersjeNetapp E Series Santricity Web Services
APPNetappwszystkie wersjeNetapp Oncommand Balance
APPNetappwszystkie wersjeNetapp Oncommand Cloud Manager
APPNetappwszystkie wersjeNetapp Oncommand Insight
APPNetappwszystkie wersjeNetapp Oncommand Performance Manager
APPNetappwszystkie wersjeNetapp Oncommand Report
APPNetappwszystkie wersjeNetapp Oncommand Shift
APPNetappwszystkie wersjeNetapp Oncommand Unified Manager
APPNetappwszystkie wersjeNetapp Oncommand Workflow Automation
APPNetappwszystkie wersjeNetapp Storagegrid
APPNetapp≤ 9.0.4Netapp Vasa Provider For Clustered Data Ontap
APPNetapp≥ 7.2Netapp Virtual Storage Console
APPNetapp≥ 7.2Opensuse Leap
OSOpensuse42.1Opensuse
OSOpensuse13.113.2Oracle JDK
APPOracle1.6.01.7.01.8.0Oracle Jre
APPOracle1.6.01.7.01.8.0Oracle Jrockit
APPOracler28.3.9Oracle Linux
OSOracle567Red Hat Enterprise Linux Desktop
OSRedhat5.06.07.0Red Hat Enterprise Linux Eus
OSRedhat6.77.27.37.47.57.67.7Red Hat Enterprise Linux Server
OSRedhat5.06.07.0Red Hat Enterprise Linux Server Aus
OSRedhat7.27.37.47.67.7Red Hat Enterprise Linux Server Eus
OSRedhat6.77.2Red Hat Enterprise Linux Server Tus
OSRedhat7.27.37.67.7Red Hat Enterprise Linux Workstation
OSRedhat5.06.07.0
CISA KEV — detailsi
- Vendori
- Oracle ↗
- Producti
- Java SE and JRockit
- Added to KEVi
- May 12, 2023
- Remediation deadline (US Federal)i
- June 2, 2023(overdue)
Apply updates per vendor instructions.
Oracle Java SE and JRockit contains an unspecified vulnerability that allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Java Management Extensions (JMX). This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.
Related vulnerabilities
GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
RCE przez deserializację PHP w Roundcube Webmail (parametr _from)
Erlang/OTP SSH — nieuwierzytelniony RCE (CVSS 10.0)
Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki